chg: [tool] KEYMARBLE malware added

ref: https://www.us-cert.gov/ncas/analysis-reports/AR18-221A
This commit is contained in:
Alexandre Dulaunoy 2018-08-11 16:14:39 +02:00
parent e8ffc75d4a
commit 9059a85eed
Signed by: adulau
GPG key ID: 09E2CD4944E6CBCD

View file

@ -2,7 +2,7 @@
"uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f", "uuid": "0d821b68-9d82-4c6d-86a6-1071a9e0f79f",
"description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.", "description": "threat-actor-tools is an enumeration of tools used by adversaries. The list includes malware but also common software regularly used by the adversaries.",
"source": "MISP Project", "source": "MISP Project",
"version": 82, "version": 83,
"values": [ "values": [
{ {
"meta": { "meta": {
@ -4557,6 +4557,16 @@
"https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf" "https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf"
] ]
} }
},
{
"value": "KEYMARBLE",
"description": "This Malware Analysis Report (MAR) is the result of analytic efforts between Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). Working with U.S. Government partners, DHS and FBI identified Trojan malware variants used by the North Korean government. This malware variant has been identified as KEYMARBLE. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity.",
"uuid": "f7f53bb8-37ed-4bbe-9809-ca1594431536",
"meta": {
"refs": [
"https://www.us-cert.gov/ncas/analysis-reports/AR18-221A"
]
}
} }
], ],
"authors": [ "authors": [